It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.
CPE Name | Operator | Version |
---|---|---|
cloudforms | eq | 4.5 |
cloudforms_management_engine | eq | 5.8 |
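
The missing check described in the advisory text, as an added Ruby example; it is not CloudForms code. The CA, host names and helper names (`make_cert`, `chain_only_ok?`, `chain_and_host_ok?`, `strict_context`) are constructed for illustration. It shows that a certificate issued by the custom CA for a different host passes chain validation alone and is rejected once the name is compared with the host being contacted.

```ruby
require "openssl"

# Build a certificate for the constructed test PKI (all names are made up).
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer || cert).subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{san}")) if san
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Weak check: the chain validates against the custom CA, nothing else.
def chain_only_ok?(store, cert)
  store.verify(cert)
end

# Corrected check: valid chain AND the certificate names the host we dialled.
def chain_and_host_ok?(store, cert, hostname)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Client context with both checks enabled for a custom CA store.
def strict_context(store)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store = store
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true # needs SSLSocket#hostname= set before connect
  ctx
end

# Constructed sample data: one custom CA, two leaf certificates it issued.
PROVIDER_HOST = "rhev.example.test"
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("Constructed Custom CA", CA_KEY, ca: true)
STORE = OpenSSL::X509::Store.new
STORE.add_cert(CA_CERT)
OTHER_CERT = make_cert("other-host.example.test", OpenSSL::PKey::RSA.new(2048), issuer: CA_CERT, issuer_key: CA_KEY, san: "other-host.example.test")
PROVIDER_CERT = make_cert(PROVIDER_HOST, OpenSSL::PKey::RSA.new(2048), issuer: CA_CERT, issuer_key: CA_KEY, san: PROVIDER_HOST)
puts "chain only, other host's cert:       #{chain_only_ok?(STORE, OTHER_CERT)}"
puts "chain + hostname, other host's cert: #{chain_and_host_ok?(STORE, OTHER_CERT, PROVIDER_HOST)}"
```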